| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2014-1739 |
200 |
|
+Info |
2014-06-23 |
2020-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. |
|
302 |
CVE-2014-1652 |
79 |
|
XSS |
2014-06-18 |
2017-12-28 |
2.3 |
None |
Local Network |
Medium |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters. |
|
303 |
CVE-2014-1651 |
89 |
|
Exec Code Sql |
2014-06-18 |
2017-12-28 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
304 |
CVE-2014-1650 |
89 |
|
Exec Code Sql |
2014-06-18 |
2017-12-28 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
|
305 |
CVE-2014-1545 |
|
|
DoS Exec Code |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. |
|
306 |
CVE-2014-1543 |
119 |
|
Exec Code Overflow |
2014-06-11 |
2017-12-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device. |
|
307 |
CVE-2014-1542 |
119 |
|
Exec Code Overflow |
2014-06-11 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. |
|
308 |
CVE-2014-1541 |
|
|
DoS Exec Code Mem. Corr. |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. |
|
309 |
CVE-2014-1540 |
|
|
DoS Exec Code Mem. Corr. |
2014-06-11 |
2017-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. |
|
310 |
CVE-2014-1539 |
20 |
|
|
2014-06-11 |
2017-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. |
|
311 |
CVE-2014-1538 |
|
|
DoS Exec Code Mem. Corr. |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. |
|
312 |
CVE-2014-1537 |
|
|
DoS Exec Code Mem. Corr. |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. |
|
313 |
CVE-2014-1536 |
|
|
DoS Exec Code |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
314 |
CVE-2014-1534 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
315 |
CVE-2014-1533 |
|
|
DoS Exec Code Mem. Corr. |
2014-06-11 |
2017-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
316 |
CVE-2014-0961 |
352 |
|
XSS CSRF |
2014-06-08 |
2017-08-29 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
|
317 |
CVE-2014-0960 |
264 |
|
Bypass |
2014-06-14 |
2017-08-29 |
6.6 |
None |
Local |
Medium |
??? |
Complete |
Complete |
Complete |
|
IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1.0.4 IF1 allows remote authenticated users to bypass intended access restrictions by establishing an SSH session from a deployed virtual machine. |
|
318 |
CVE-2014-0936 |
264 |
|
+Info |
2014-06-08 |
2017-08-29 |
4.3 |
None |
Local Network |
High |
Not required |
Partial |
Partial |
Partial |
|
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network. |
|
319 |
CVE-2014-0935 |
|
|
+Priv |
2014-06-04 |
2017-08-29 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events. |
|
320 |
CVE-2014-0929 |
352 |
|
CSRF |
2014-06-08 |
2017-08-29 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions. |
|
321 |
CVE-2014-0910 |
79 |
|
XSS |
2014-06-18 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
|
322 |
CVE-2014-0891 |
200 |
|
+Info |
2014-06-28 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server. |
|
323 |
CVE-2014-0599 |
79 |
|
XSS |
2014-06-18 |
2020-02-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
324 |
CVE-2014-0598 |
22 |
|
Dir. Trav. |
2014-06-18 |
2020-02-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. |
|
325 |
CVE-2014-0536 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2014-06-11 |
2017-12-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
|
326 |
CVE-2014-0535 |
264 |
|
Bypass |
2014-06-11 |
2017-12-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534. |
|
327 |
CVE-2014-0534 |
264 |
|
Bypass |
2014-06-11 |
2017-12-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535. |
|
328 |
CVE-2014-0533 |
79 |
|
XSS |
2014-06-11 |
2017-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532. |
|
329 |
CVE-2014-0532 |
79 |
|
XSS |
2014-06-11 |
2017-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0533. |
|
330 |
CVE-2014-0531 |
79 |
|
XSS |
2014-06-11 |
2017-12-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533. |
|
331 |
CVE-2014-0478 |
20 |
|
|
2014-06-17 |
2020-01-08 |
4.0 |
None |
Remote |
High |
Not required |
None |
Partial |
Partial |
|
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. |
|
332 |
CVE-2014-0296 |
310 |
|
+Info |
2014-06-11 |
2019-05-15 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability." |
|
333 |
CVE-2014-0282 |
119 |
1
|
DoS Exec Code Overflow Mem. Corr. |
2014-06-11 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757. |
|
334 |
CVE-2014-0249 |
264 |
|
Bypass |
2014-06-11 |
2019-04-22 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. |
|
335 |
CVE-2014-0244 |
20 |
|
DoS |
2014-06-23 |
2018-10-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. |
|
336 |
CVE-2014-0238 |
119 |
|
DoS Overflow |
2014-06-01 |
2017-01-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. |
|
337 |
CVE-2014-0237 |
399 |
|
DoS |
2014-06-01 |
2017-01-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. |
|
338 |
CVE-2014-0224 |
326 |
|
+Info |
2014-06-05 |
2021-11-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. |
|
339 |
CVE-2014-0221 |
399 |
|
DoS |
2014-06-05 |
2019-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. |
|
340 |
CVE-2014-0220 |
200 |
|
+Info |
2014-06-10 |
2018-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authenticated users to obtain sensitive configuration information via the API. |
|
341 |
CVE-2014-0206 |
|
|
+Info |
2014-06-25 |
2018-12-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value. |
|
342 |
CVE-2014-0203 |
416 |
|
DoS |
2014-06-23 |
2020-08-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. |
|
343 |
CVE-2014-0195 |
119 |
|
DoS Exec Code Overflow |
2014-06-05 |
2019-04-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. |
|
344 |
CVE-2014-0186 |
|
|
DoS |
2014-06-14 |
2014-06-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression. |
|
345 |
CVE-2014-0042 |
310 |
|
|
2014-06-02 |
2014-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors. |
|
346 |
CVE-2014-0041 |
310 |
|
|
2014-06-02 |
2014-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors. |
|
347 |
CVE-2014-0040 |
|
|
|
2014-06-02 |
2014-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors. |
|
348 |
CVE-2014-0007 |
|
|
Exec Code |
2014-06-20 |
2014-06-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. |
|
349 |
CVE-2013-7387 |
|
|
|
2014-06-02 |
2014-06-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. |
|
350 |
CVE-2013-7386 |
134 |
|
DoS Exec Code |
2014-06-02 |
2014-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file. |
